secret-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes many literal secret examples and shows fixes that paste secret values into .env and code snippets, and a secret-scanner would likely echo detected secret snippets in alerts, meaning the LLM may need to output secret values verbatim (exfiltration risk).